The California Consumer Privacy Act (CCPA) is the latest in privacy compliance. Although it is not as comprehensive as the GDPR, there is useful operational overlap that can help with CCPA compliance.
Privacy Counsel at OneTrust
Brian Philbrook serves as Privacy Counsel at OneTrust, a software platform that helps privacy professionals operationalize data privacy compliance and Privacy by Design. Brian received his JD and Certificate in Information Privacy Law with honors from the University of Maine School of Law. He is CIPP/US, CIPP/E, CIPM and CIPT certified, and is a licensed attorney in New Hampshire.
While privacy by design is not a new concept, the GDPR makes it a legal requirement, and thus practical guidance is needed for putting policy into practice. What are the concepts and requirements in the context of recent guidance published by the EDPS and UK ICO?
Of the six legal bases for processing offered by the GDPR, consent and legitimate interests are the ones most likely to be relied upon to justify direct marketing. Where the direct marketing involves electronic communications, however, things get muddy.
With the EU GDPR right around the corner, you have probably heard that there will be six legal bases for processing personal data. For organizations that are currently preparing for GDPR, there is a strong focus on – as well as some confusion around – legitimate interests, in particular. Let's take a closer look.
The concept of consent has had a long history in privacy and data protection. Privacy consent has been evolving, especially under the GDPR. What are the expanded requirements for consent and what actions must organizations begin taking today to prepare for the coming of the GDPR on 25 May 2018?
Data subject rights are being expanded under the EU General Data Protection Regulation (GDPR), impacting the business processes of data controllers and processors. With the increased complexities that lie within each distinct right, a variety of new issues will need to be considered.
Avoid the common pitfall of using a pre-existing approach to Data Protection Impact Assessment (DPIA) without knowing the Article 29 Working Party guidelines.
While one of the primary goals of the GDPR is to harmonize data protection laws across the EU, there are over 50 provisions that allow GDPR derogations by Member States.